New, free questionnaire here from Microsoft Trustworthy Computing that runs through a short list of questions about IT processes. Then it spits out a pretty report with tailored guidance, including an automated mapping from your industry to the regulatory guidance/framework (e.g. ISO; HIPAA) that probably makes the most sense for you.